Chapter 19. Intrusion Detection/Prevention

IN THIS CHAPTER

  • Understanding the importance and use of intrusion detection

  • Differentiating between intrusion detection and intrusion prevention

  • Identifying the various ways to respond to an attack

You've heard it before: Prevention is ideal, but detection is a must. Firewalls play a critical role in protecting an organization, but they cannot prevent every attack. When you cannot prevent an attack, you need to detect it in a timely manner so that you can respond before the damage spreads. Prevention and detection complement each other in providing a high degree of security. In a house, a lock provides preventive security while an alarm system lets intrusions be detected. Similarly, on a network, the firewall plays the role of the lock and the intrusion detection system (IDS) plays the role of the alarm.

This chapter explores various types of intrusion detection systems and their effective uses. Just as an alarm has minimal value if it is not being monitored and no one is available to react, an IDS needs to have trained analysts monitoring the alerts and taking action in a timely manner.
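The lock-versus-alarm distinction maps directly onto the difference between an IDS and an intrusion prevention system (IPS): both run the same detection logic, but an IDS watches a copy of the traffic and can only raise an alert, whereas an IPS sits inline and can also drop packets. The following is an added example, not code from the book, showing one detector (failed-login counting per source within a time window) run in both modes over a constructed set of login events. The threshold, window, field names and IP addresses are assumptions chosen for illustration.

```python
"""Added example: the same detector run as a passive IDS and as an inline IPS.

Sample events and tuning values below are constructed for illustration; they
are not taken from the book.
"""
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass
class Event:
    ts: float        # seconds since start of capture (assumed field)
    src: str         # source address (assumed field)
    dst_port: int    # destination port (assumed field)
    outcome: str     # "ok" or "fail" login result (assumed field)


@dataclass
class Decision:
    action: str      # "pass", "alert" (IDS) or "drop" (IPS)
    reason: str = ""


class BruteForceSensor:
    """Flag `threshold` failed logins from one source within `window` seconds.

    mode="ids": observes a copy of the traffic, so it can only raise alerts.
    mode="ips": is inline, so it raises the same alert and then drops traffic
    from the offending source for the rest of the window.
    """

    def __init__(self, mode="ids", threshold=5, window=60.0):
        assert mode in ("ids", "ips")
        self.mode = mode
        self.threshold = threshold
        self.window = window
        self.failures = defaultdict(deque)   # src -> timestamps of recent failures
        self.blocked = {}                    # src -> time at which the block expires
        self.alerts = []                     # (timestamp, message) pairs for the analyst

    def _prune(self, src, now):
        # Discard failures that fell out of the sliding window.
        q = self.failures[src]
        while q and now - q[0] > self.window:
            q.popleft()

    def process(self, ev):
        # Inline only: traffic from an already-blocked source never reaches the service.
        if self.mode == "ips":
            until = self.blocked.get(ev.src)
            if until is not None:
                if ev.ts < until:
                    return Decision("drop", "source blocked")
                del self.blocked[ev.src]

        if ev.outcome == "fail":
            self._prune(ev.src, ev.ts)
            self.failures[ev.src].append(ev.ts)
            count = len(self.failures[ev.src])
            if count >= self.threshold:
                msg = f"{ev.src}: {count} failed logins within {self.window:.0f}s"
                self.alerts.append((ev.ts, msg))
                if self.mode == "ips":
                    # Prevention: block the source and start a fresh count.
                    self.blocked[ev.src] = ev.ts + self.window
                    self.failures[ev.src].clear()
                    return Decision("drop", msg)
                # Detection only: the traffic still reaches the service.
                return Decision("alert", msg)
        return Decision("pass")


def replay(mode, events):
    """Run every event through a fresh sensor; return the sensor and its decisions."""
    sensor = BruteForceSensor(mode=mode)
    decisions = [sensor.process(e) for e in events]
    return sensor, decisions


# Constructed sample: six failed SSH logins from 203.0.113.7 two seconds apart,
# then a successful guess from the same source, while 198.51.100.2 logs in normally.
SAMPLE = [Event(t, "203.0.113.7", 22, "fail") for t in range(0, 12, 2)]
SAMPLE += [Event(12.0, "203.0.113.7", 22, "ok"), Event(13.0, "198.51.100.2", 22, "ok")]

if __name__ == "__main__":
    for mode in ("ids", "ips"):
        sensor, decisions = replay(mode, SAMPLE)
        print(mode, [d.action for d in decisions])
        for ts, msg in sensor.alerts:
            print(f"  t={ts:>4}: {msg}")
```

In IDS mode the attacker's eventual successful login at t=12 passes through; the alerts are only useful if an analyst sees them and acts, which is the point made above about unmonitored alarms. In IPS mode the same detection also drops that login, but the price is that a detection mistake now blocks a legitimate user rather than merely paging someone, so thresholds for an inline sensor need more care than for a passive one.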

Intrusion Detection Systems

Along with firewalls, intrusion detection is a main component of present-day security systems. The role of an intrusion detection system (IDS) is to detect an attacker's presence on a compromised network, to identify the damage done as a result of that presence, and to catalog the activities so that similar attacks can be avoided in the ...
